<!--
Computer Science Course 531 - Introduction to Software Engineering
Olive Insurance Client Management System (Client Database Access)
Version 1.0 (Base System)
Spring 2011

-- Source Code Details --
Page Title: mainPage.php
Created By: David Gonzalez, Computer Science (Undergraduate)
Documented By: Darrius Serrant, Computer Science (Undergraduate)
Purpose: User interface that provides users access to the entire application through
         basic username/password authentication.

Status: Completed. All functionality has been implemented. User interface changes completed.
                    Source code optimization pending.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <title>
            Olive Insurance Client Management System - Log In Page
        </title>
        <link rel="stylesheet" type="text/css" href="styles/main.css" />
    </head>
    <body>
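       <?php
        /*
         *  Login handler: processes the POST request submitted from this page, connects to the
         *  database and validates the supplied credentials. On success the agent's username is
         *  stored in the session and the browser is redirected to ./loginPage.php.
         *
         *  NOTE(review): this block runs after the DOCTYPE/<head> markup has been emitted, so
         *  session_start(), setcookie() and header() only take effect when output buffering is
         *  enabled. Moving the block above the first byte of output removes that dependency.
         *
         *  NOTE(review): the failed-attempt counter lives in the 'lutried'/'ntried' cookies,
         *  which are supplied by the client and are therefore not a trustworthy lockout control.
         *  Enforcing the lockout needs a counter kept on the server side.
         *
         *  NOTE(review): passwords are compared against an unsalted SHA() digest. Moving the
         *  stored values to password_hash()/password_verify() needs a data migration that is
         *  outside this page.
         */
        require_once ('connectvars.php');
        session_start();
        $error_msg = "";

        // Seed the attempt-tracking cookies on the first visit.
        if (!isset($_COOKIE['lutried'])) setcookie('lutried');
        if (!isset($_COOKIE['ntried'])) setcookie('ntried', 0);

        if (!isset($_SESSION['user_name']) && isset($_POST['submit'])) {
            // Missing or non-string fields (e.g. array-valued parameters) are treated as empty.
            $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
            $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';

            // $_COOKIE is not populated by setcookie() during the same request, so both
            // values can be absent here; fall back to neutral defaults instead of reading
            // undefined indexes.
            $last_user   = (isset($_COOKIE['lutried']) && is_string($_COOKIE['lutried'])) ? $_COOKIE['lutried'] : '';
            $prior_tries = (isset($_COOKIE['ntried']) && is_string($_COOKIE['ntried'])) ? (int) $_COOKIE['ntried'] : 0;

            // Count consecutive attempts for the same username; a different username restarts at 1.
            if (strcmp($last_user, $username) == 0) {
                $attempts = $prior_tries + 1;
                setcookie('ntried', $attempts);
            } else {
                $attempts = 1;
                setcookie('lutried', $username);
                setcookie('ntried', 1);
            }

            $login_ok = false;

            if (empty($username) || empty($password)) {
                $error_msg = 'Please insert a username and password!';
            } else {
                $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

                // Bound parameters keep the credentials out of the SQL text entirely; the
                // values reach SHA() and the WHERE clause exactly as the user typed them.
                $stmt = $dbc
                    ? mysqli_prepare($dbc, "SELECT Username, DISABLED FROM agent WHERE Username = ? AND password = SHA(?)")
                    : false;

                if (!$stmt
                    || !mysqli_stmt_bind_param($stmt, 'ss', $username, $password)
                    || !mysqli_stmt_execute($stmt)) {
                    // A database failure is not a failed login: report it generically and
                    // do not let it count towards locking the account.
                    $error_msg = 'Could not log you in. Please try again later.';
                } else {
                    mysqli_stmt_store_result($stmt);
                    mysqli_stmt_bind_result($stmt, $db_username, $db_disabled);

                    if (mysqli_stmt_num_rows($stmt) == 1 && mysqli_stmt_fetch($stmt)) {
                        if ($db_disabled == 1) {
                            $error_msg = 'Sorry your account has been locked. Please contct Administrator.';
                        } else {
                            // Issue a fresh session id at the privilege change so an id set
                            // before authentication is not carried into the logged-in session.
                            if (!headers_sent()) {
                                session_regenerate_id(true);
                            }
                            $_SESSION['user_name'] = $db_username;
                            setcookie('lutried', '', time() - 3600);
                            setcookie('ntried', '', time() - 3600);
                            $login_ok = true;
                        }
                    } else {
                        $error_msg = 'Could not log you in. Wrong Username and/or Password';

                        // Same threshold as before (the attempt made after five recorded
                        // failures), but counted only for the username being tried now, so a
                        // stale count from another username cannot disable this one.
                        // The Admin exemption is compared case-insensitively so it still holds
                        // if the database matches usernames without regard to case.
                        if ($attempts > 5 && strcasecmp($username, 'Admin') != 0) {
                            $lock = mysqli_prepare($dbc, "UPDATE agent SET DISABLED = '1' WHERE Username = ?");
                            if (!$lock) {
                                die("Error Updating1");
                            }
                            mysqli_stmt_bind_param($lock, 's', $username);
                            mysqli_stmt_execute($lock) or die("Error Updating1");
                            mysqli_stmt_close($lock);
                        }
                    }
                }

                // Release the statement and connection on every path, not only after a lockout.
                if ($stmt) {
                    mysqli_stmt_close($stmt);
                }
                if ($dbc) {
                    mysqli_close($dbc);
                }
            }

            // Stop rendering once the redirect is issued. When output has already been sent
            // the header cannot be set, so fall through and render the page as before.
            if ($login_ok && !headers_sent()) {
                header('Location: ./loginPage.php');
                exit;
            }
        }
        ?>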
        <div id ="contentbox">

            <div id="header">
                <img src="images/header.gif" alt="Olive Insurance Client Management System, Version 1.0" />
            </div>
            <div id="separator">
                <img src="images/separator.gif" alt="" />
            </div>
            <div id="content">
                <div id="loginbox">
                    <p class="sectionheader">
                        Agent Login
                    </p>
                    <div id="loginform">
                    <?php
                        // Render the login form only while no agent username is recorded in the session.
                        if(empty($_SESSION['user_name'])){
                    ?>
                        <form method="post" action="loginPage.php" >
                            <p class="errormessage">
                                <?php
                                    // $error_msg is either empty or one of the fixed strings assigned by the
                                    // login handler earlier in this file.
                                    // NOTE(review): escape it with htmlspecialchars() if it ever carries
                                    // user-supplied text.
                                    echo $error_msg ;
                                ?>
                            </p>
                            <p>
				<label for="username">Username:</label>
				<input type="text" id="username" name="username" />
                            </p>
			    <p>
				<label for="password">Password:</label>
				<input type="password" id="password" name="password" />
                            </p>
                            <p>
				<input class="sumbitbutton" type="submit" value="Log in" name="submit" />
                            </p>
                        </form>
                        <?php
                        }
                        // The session already holds a username: show the progress notice instead of the form.
                        else {
                        ?>
                        <div class="valid">
                            <img src="images/Progress_Wheel.gif" alt="" />Username and password verified. Logging you in...
                        </div>
                        <?php
                        // Ask the browser to load mainPage.php after two seconds.
                        // NOTE(review): header() is called here after markup has already been output, so
                        // this presumably relies on output buffering being enabled — confirm.
                        header('Refresh: 2; ./mainPage.php');
                        }
                        ?>
                    </div>
                </div>
            </div>

            <div id="footer">
                Copyright &copy; 2011 by Olive Insurance, LLC. All rights reserved.
            </div>

        </div>
    </body>
 </html>